2010-02-08

Over the weekend I decided to configure my NetBSD system to stop sending emails to the local mbox (where I never read them) and start sending emails correctly to the internet. I also wanted to do so using my gmail account. Most of my info came from here but it's a little verbose for my tastes. Basically I had to do the following:


  • /etc/mk.conf

        PKG_OPTIONS.postfix+= sasl
        ACCEPTABLE_LICENSES+= postfix-license

  • build and install pkgsrc/mail/postfix

  • install (I used a binary) pkgsrc/security/cyrus-sasl

  • install (I used a binary) pkgsrc/security/cy2-plain-2.1.23

  • cp /usr/pkg/share/examples/rc.d/postfix /etc/rc.d/

  • modify /usr/pkg/etc/postfix/main.cf

        relayhost = [smtp.gmail.com]:587

        #use ssl/tls
        smtp_use_tls = yes
        smtp_tls_policy_maps = hash:/usr/pkg/etc/postfix/tls_policy

        #Now add a username and password
        smtp_sasl_auth_enable = yes
        smtp_sasl_password_maps = hash:/usr/pkg/etc/postfix/sasl_passwd
        smtp_sasl_security_options=

  • add /usr/pkg/etc/postfix/tls_policy

        smtp.gmail.com MUST

  • add /usr/pkg/etc/postfix/sasl_passwd

        [smtp.gmail.com]:587 username@gmail.com:password

  • /usr/pkg/sbin/postmap /usr/pkg/etc/postfix/tls_policy

  • /usr/pkg/sbin/postmap /usr/pkg/etc/postfix/sasl_passwd

  • /etc/rc.d/postfix start



Now test with mailx someone@something.com and watch the maillog. I do get a warning about not liking the Thawte cert, so I may figure out how to import it, but other tutorials all talked about needing your own CA and other insanity. I would hope the MUST in tls_policy ensured that I was using SSL. I'll tcpdump and see sometime, but for now this seems to be all that's needed.

(Can we get SASL in base? I know LDAP, kerberos, and NFSv4 would appreciate it)

UPDATE!
To fix the ssl cert warning, add the following package:

    mozilla-rootcerts

then

    cd /etc/openssl/certs
    mozilla-rootcerts extract
    mozilla-rootcerts rehash

And add the following to your main.cf:

    smtp_tls_CApath = /etc/openssl/certs
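
An added example (not part of the original post): a small audit of the files from this procedure, checking that the cleartext password map is private, that tls_policy has an entry keyed by the relayhost value with a level that forces TLS, and that a CA path is set. It assumes Postfix's documented smtp_tls_policy_maps behaviour (lookup by the next-hop exactly as written, lowercase levels such as encrypt; MUST is the syntax of the older smtp_tls_per_site table). audit_relay, make_sample and harden_sample are hypothetical names and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: audit the relay setup above.
# audit_relay DIR prints one finding per line and returns 1 if there are any.
audit_relay() {
    dir=$1 findings=0
    note() { echo "$1"; findings=$((findings + 1)); }
    # Last relayhost setting wins, e.g. "[smtp.gmail.com]:587".
    relay=$(sed -n 's/^relayhost[[:space:]]*=[[:space:]]*//p' "$dir/main.cf" | tail -n 1)

    # The password map and its postmap output hold a cleartext credential.
    for f in "$dir/sasl_passwd" "$dir/sasl_passwd.db"; do
        [ -e "$f" ] || continue
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
            note "${f##*/}: accessible to group/other, chmod 600"
    done

    # Policy-map lookups use the next-hop exactly as written in relayhost.
    level=$(awk -v k="$relay" '$1 == k { l = $2 } END { print l }' \
        "$dir/tls_policy" 2>/dev/null) || level=
    case $level in
        encrypt|verify|secure|fingerprint|dane-only) ;;
        none|may|dane) note "tls_policy: '$level' allows cleartext fallback" ;;
        "") note "tls_policy: no entry keyed $relay" ;;
        *)  note "tls_policy: '$level' is not a policy-map level" ;;
    esac

    grep -Eq '^smtp_tls_CA(path|file)[[:space:]]*=' "$dir/main.cf" ||
        note "main.cf: no smtp_tls_CApath/CAfile, server cert cannot be validated"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the three files as the post gives them (trimmed main.cf).
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'relayhost = [smtp.gmail.com]:587' 'smtp_use_tls = yes' \
        "smtp_tls_policy_maps = hash:$d/tls_policy" > "$d/main.cf"
    echo 'smtp.gmail.com MUST' > "$d/tls_policy"
    echo '[smtp.gmail.com]:587 username@gmail.com:password' > "$d/sasl_passwd"
    chmod 644 "$d/sasl_passwd"
    echo "$d"
}

# Corrected settings: bracketed key, "encrypt" level, CA path, private map.
harden_sample() {
    echo '[smtp.gmail.com]:587 encrypt' > "$1/tls_policy"
    echo 'smtp_tls_CApath = /etc/openssl/certs' >> "$1/main.cf"
    chmod 600 "$1/sasl_passwd"
}

demo=$(make_sample)
audit_relay "$demo" || echo "-- after harden_sample:"
harden_sample "$demo"
audit_relay "$demo" && echo "no findings"
rm -rf "$demo"
```

On a real system, run `audit_relay /usr/pkg/etc/postfix` after each postmap; the "encrypt" level forces TLS but does not require a trusted certificate, for which the stricter levels (verify, secure) exist.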

2010-02-07

One new security advisory was published:

You can find more information about them on the Security and NetBSD page.

2010-02-05

Aleksej Saushev writes on a bunch of lists:

We're running 13th Hackathon February 19-22 2010,
come and join us on IRC channel #netbsd-code at FreeNode (irc.freenode.net).
You may choose other ways to participate, if you find it more convenient.
See Hackathon page for updates: http://wiki.netbsd.se/Hackathon13


Goal

Fix as many bugs as possible, close as many PRs as possible.


Details

In previous years we have accumulated a lot of problem reports.
Some of them relate to no longer supported branches (e.g. 2.0)
and were occasionally fixed during regular code work.
Some of them relate to hardware developers don't have access to.
Some of them may be too easy to fix, but no one looks at that part
of code (e.g. documentation).
Some of them relate to packages already removed or heavily reworked.
Some of them relate to packages in exotic environment (Solaris, Interix)
and developers cannot test if the bug is present or not.

You can find more in PR database at http://netbsd.org/support/query-pr.html


More specifically, David Holland maintains categorized lists of PRs at

  http://www.netbsd.org/~dholland/buglists/

of which "Wanted for 5.1"
(http://www.netbsd.org/~dholland/buglists/51-WANTED.html)
and "Stuck" (http://www.netbsd.org/~dholland/buglists/STUCK.html)
are of particular interest.

Another hot area is pkgsrc
(http://www.netbsd.org/~dholland/buglists/pkgsrc.html).


IMPORTANT NOTE: You don't have to be programmer to be able to help us,
you can help us with generic testing support.  

Come, bring your favourite booze, and join in!

2010-02-04

NetBSD-6 will now sport the terminfo interface which removes a lot of the problems with the old termcap which is deprecated by The Open Group. Upgrading existing systems should be quite painless as the old termcap interface is still provided, but there are some caveats.

  • $TERMCAP is no longer supported, tset -s no longer exports it. So if you maintain your own terminal definition, you'll need to use tic(1) on a small terminfo database in $HOME.
  • NetBSD extensions to termcap are no longer supported. Only 3rd party applications that used these would be affected.

This should allow pkgsrc not to need ncurses for a fair few console applications, like say tmux.

2010-02-02

Drop the following script into /etc/rc.d/alixkitt, put "alixkitt=yes" into /etc/rc.conf and enjoy:

#!/bin/sh
# Turn ALIX2c front LEDs into running LED
# http://www.gifninja.com/Workspace/59f3f22e-5f40-4937-936c-1dc0d6fbe690/output.gif
#
# Copyright (c) 2010 Hubert Feyrer <hubertf@NetBSD.org>

# PROVIDE: alixkitt

$_rc_subr_loaded . /etc/rc.subr

name="alixkitt"
start_cmd="alixkitt_start"
stop_cmd="alixkitt_stop"
pidfile="/var/run/${name}.pid"

alixkitt_sleeptime=1.0          # 0.5

alixkitt_setled()
{
        gpioctl -q -d /dev/gpio 6 $1
        gpioctl -q -d /dev/gpio 25 $2
        gpioctl -q -d /dev/gpio 27 $3

        sleep $alixkitt_sleeptime
}

alixkitt_start()
{
        touch $pidfile
        (
                alixkitt_setled 0 0 0

                while [ -f $pidfile ] ; do
                        alixkitt_setled 0 1 1
                        alixkitt_setled 1 0 1
                        alixkitt_setled 1 1 0
                        alixkitt_setled 1 0 1
                done
        ) &
        echo $! >$pidfile
        echo Started pid $!
}

alixkitt_stop()
{
        if [ -f /var/run/alixkitt.pid ]; then
                read pid <$pidfile
                echo Stopped pid $pid
                kill $pid
                rm $pidfile
                alixkitt_setled 1 1 1
        fi
        exit 0
}

load_rc_config $name
run_rc_command "$1"

P.S.: There's still a bug left in that stopping immediately re-starts the process. Got a patch? Update: Axel Scheepers suggested doing the while-loop only as long as the PID-file exists. Changed above.

2010-01-31

Here are some more things that I've caught in my inbox for too long, and I'm finally finding some time to sum them up here:

  • NetBSD's "let's move kernel parts to the userland" RUMP project is still under heavy development, and in order to make testing of compatibility after kernel changes easier, a new command "rumptest" was added to build.sh: ``Basically you say:
                ./build.sh ${yourargs} tools ; ./build.sh ${yourargs} rumptest
            
    
    Where yourargs are what have you, e.g. '-U -u -o -O /objs'.

    The latter builds only the rump kernel libs and uses some ld+awk magic to figure out if things go right or not. This is to avoid having to install headers and build libs (which is too slow since a full build is too slow). The magic is not a substitute for a full build, but it is n+1 times faster and works probably 99.9% of the time.

    The scheme uses a number of predefined component sets (e.g. tmpfs+vfs+rumpkern) to test linkage. They are currently listed in build.sh. This area probably needs some work in the future. It would be nice to autogenerate the combinations somehow.

    If things go well, you get something like this:

            ===> Rump build&link tests successful
            ===> build.sh ended:   Wed Nov 18 20:10:59 EET 2009 
    
    '' See Antti's mail to tech-kern on how to tell if things didn't go so well, and what to do in that case.
  • According to Wikipedia, ``Non-Uniform Memory Access or Non-Uniform Memory Architecture (NUMA) is a computer memory design used in multiprocessors, where the memory access time depends on the memory location relative to a processor. Under NUMA, a processor can access its own local memory faster than non-local memory, that is, memory local to another processor or memory shared between processors.''

    Supporting NUMA in a contemporary (i.e.: Intel centric) SMP-enabled operating system requires following a bunch of standards, two of which are parsing of two tables, the System Resource Affinity Table (SRAT) and the System Locality Information Table (SLIT). Both tables are accessible via the Advanced Configuration and Power Interface (ACPI), and according to the German-language Wikipedia, the SRAT is used to assign local memory to local threads to boost their performance, and the SLIT defines the "distance" of the nodes among themselves, which is used to determine the "nearest" memory if local memory is not enough.

    Now, Christoph Egger has posted patches to add an ACPI SLIT parser and an ACPI SRAT parser. See the two postings for dmesg pr0n from his tests on an 8-node system.

  • Staying with ACPI and Christoph Egger, he found that even though the ACPI spec defines an ACPI device for fans, BIOS vendors and OEMs do their own thing. To accommodate things like the fan sensor found in the ACPI Thermal Zone in his HP Pavilion DV9700 laptop he has proposed a driver to extend the acpitz(4) driver with fan information. That way, envstat(8) can be used to display the fan's RPMs:
    [acpitz0]
      Processor Thermal Zone:     56.000   95.000                       degC
                         fan:       2840                                 RPM 
    
  • Staying with driver games, iMil writes me that there's documentation on getting DRI, AIGLX, Composite and Compiz going with NetBSD 5.0 available in the O(ther)NetBSD Wiki now.

    The documentation covers how to enable the Direct Rendering Manager (DRI), setting up and configuring Modular X.org, assuring that everything's in place, and how to get Compiz going. Mmm, wobbly windows at last! :-)

  • While we're talking funky desktop stuff: Marc Balmer has submitted a patch to get touchpanel support for ums(4). ums(4) is for USB mice, and in contrast to mice, touch panels need to deal with absolute numbers, not relative numbers.
  • Back to the guts of the kernel, another patch suggested by Christoph Egger was for adding x2apic. What is x2apic? X2APIC is ``an Intel-only feature but can also be found in virtual environments with support for CPU apic id's > 0xff.

    I.e. Xen 4.0 (not yet released) supports 128 CPUs in HVM guests with the CPUs enumerated with even apic id's. That means you need x2apic for the 128th CPU :) ''

  • While speaking of Xen: Xen 4.0 is coming soon, and there's a call to help testing it on NetBSD!

    Install Mercurial, check out latest Xen sources, apply a bunch of patches, build and install. Examples of commands are given, in addition to changes required for /boot.cfg etc.

    Report your findings to port-xen!

  • Last one for today: Michal Gladecki, Editor-in-Chief of BSD Magazine writes: ``We are happy to announce that BSD Magazine is transforming into a free monthly online publication. The online version of BSD Magazine will stay in the same quality and form. It will look like the BSD magazine one is familiar and comfortable with. Please sign up to our newsletter at www.bsdmag.org and get every issue straight to your inbox. Also, you can now download any of the previous issues from our website. The first online issue -- 2/2010 -- is coming out in February. Please spread the word about BSD Magazine. '' Click!
So much for today. I still have a bunch of news items in my inbox for next time, but let's call it good for today.

Unrelated, I've been playing with git a bit over the past few days, and while I have a number of questions building up (which will be subject to tech-repository or so), what I can say today is that the speed of "git pull" with NetBSD's git repository and my 1MBit DSL line reminds me a lot of the times when I used SUP with my 56k modem - it took forever, too. :-(

2010-01-27

The recent thread Why is my gigabit ethernet so slow? shows application of old recommendations found here. (NetBSD 2-era; also includes tips for freebsd, linux, and windows!)

This thread also shows NMBCLUSTERS cropping up again as the first part of solving a performance problem. I wonder why it isn't dynamically tunable. It looks like freebsd can pass it on the boot options, at least.

2010-01-19

AKA "I've been slacking again, and there's a whole pile of stuff here now that I'm putting into one blog posting". Here we go:

  • Initial support for the FriendlyArm Mini2440 board has been announced by Paul Fleischer. In a later update, most of the hardware is reported working, and the patch is available for review & comments. Furthermore, the touch screen is usable, and Qt/Embedded was built on top of wscons.
  • Force10 Networks Receives Common Criteria Security Certification for Its High-Performance Ethernet Switch/Router Products. According to the article, ``Common Criteria evaluations entail formal rigorous analysis and testing to examine security aspects of a product or system. Extensive testing activities involve a comprehensive and formally repeatable process, confirming that the security product functions as claimed by the manufacturer. Security weaknesses and potential vulnerabilities are specifically examined during wide-ranging evaluation and testing.

    FTOS is the operating system software that runs on Force10 switch/router product lines, including the E-Series, C-Series and S-Series platforms. Based on NetBSD, FTOS leverages a distributed, multiprocessor architecture that delivers highly scalable protocols and reliability. By delivering the same OS across its entire switch/router line, Force10 ensures that customers benefit from stable code, a consistent configuration environment and simpler software management. ''

  • While there: Force10 Networks Delivers Ethernet-Optimized Platform for MPLS Core Networks: ``Force10 Networks, Inc. [...] announced the immediate availability of MPLS (multi-protocol label switching) functionality for its ExaScale E-Series core switch/routers. [...] The ExaScale platform combines high-density, non-blocking, line-rate 10 GbE switching and routing with robust MPLS LSR support at 1/5th of the cost of a traditional core router, enabling carriers to fully capitalize on the economic advantages of Ethernet.''
  • Create Bootable Live Linux USB Drives with UNetbootin: ``UNetbootin allows you to create bootable Live USB drives for a variety of Linux distributions from Windows or Linux, without requiring you to burn a CD. You can either let it download one of the many distributions supported out-of-the-box for you, or supply your own Linux .iso file if you've already downloaded one or your preferred distribution isn't on the list.''

    And of course we all know that NetBSD is Linux, right? See the list of supported distributions:

    The homepage mentions that NetBSD 4.0 is supported, maybe someone wants to give them an update on what's up with NetBSD 5.0? Would be nice to see that on the list!

  • Ever wondered what happened with the BSD Certification recently? There's a video from the talk BSD Certification Group: A Case Study in Open Source Certification available that talks about the goal of the project, the two exams (BSD Associate, BSD Professional), and what's going on behind the scenes.
  • With the move from XFree to X.org, the X server for the DNARD Shark's NetBSD/shark lost support for accelerated X. Thanks to Michael 'macallan' Lorenz, hardware-accelerated X for NetBSD/shark is back now: ``I finally got around to start working on an Xorg driver for the IGS CyberPro 20x0 family found in rev. 5 Sharks, Netwinder etc. - currently the driver is built only on shark and supports only the VL variant found there. Adding support for PCI chips is trivial though, just needs extra probing. The driver supports autoconfiguration ( X -configure should yield something almost usable, only DefaultDepth needs to be adjusted).''
  • Staying with cool platforms, here's a quick procedure to run NetBSD/sun2 5.0.1 on The Machine Emulator (TME) (see pkgsrc/emulators/tme), compiled by Izumi Tsutsui. Who's first to get a pkgsrc bulk build done? :-)
  • Jed Davis has committed the RAIDframe parity Summer-of-Code project. See his posting for the details. The project ``drastically reduces the time RAIDframe spends rewriting parity after an unclean shutdown by keeping better track of outstanding writes (thus, "parity map"). The tech-kern archives have more details [...]

    This feature is enabled by default on all sets (other than RAID 0). It can be administratively disabled with the new "raidctl -M" flag, which is described in the changes to the raidctl(8) man page; however, the I/O overhead for updating the parity map is expected to be unnoticeable in practice.''

So much for now. There is more in the pipe, but that will have to wait for now. Good night!
